Privacy and fairness in a variant of Prêt-à-voter



  1. Privacy and fairness in a variant of Prêt-à-voter
     Ben Smyth and Mark Ryan
     School of Computer Science, The University of Birmingham

  2. Electronic voting currently
     ● Electronic voting is eagerly being taken up by governments and other organisations the world over.
       – The situation in the USA
         ● Proprietary system, with weak security properties. “15 year old in garage could manufacture cards and sell them on the internet that would allow multiple votes” [Avi Rubin]
         ● “I voted party p1 and the system said ‘Thank you, we have recorded your vote for party p2.’ ” (Radio phone-ins, websites)
         ● Allegations of involvement of equipment supplier with a political party
       – The situation in Estonia
         ● Internet voting offered to entire electorate
         ● Authentication by smart cards
         ● Re-voting allowed, to combat coercion

  3. Desirable properties of voting systems
     ● Desired properties of electronic voting systems
       – Eligibility: only eligible voters can vote, and only once.
       – Fairness: no early results can be obtained which could influence the remaining voters.
       – Privacy: no-one can link a voter and her vote.
       – Receipt-freeness: no receipt or other artifact is issued which would enable voter to prove how she voted.
       – Coercion-resistance: a voter cannot convince a coercer that she voted how he instructed.

  4. Desirable properties of voting systems
     ● Some other properties
       – Individual verifiability: a voter can verify that her vote was counted.
       – Universal verifiability: a voter can verify that the published result is the tally of the votes cast.
       – Robustness: Voters cannot disrupt the election. Faulty behaviour tolerated.
       – Vote-and-go: Voters participate in one session.

  5. Prêt-à-voter
     ● A voting scheme designed by Chaum / P.Ryan / Schneider
       – Ballot papers have candidates listed in a random rotation of the official list
       – An onion encodes the offset needed to cycle back to the correct order
       – At vote time, the left-hand strip is detached and destroyed
       – The right-hand strip is given to the first of a series of Tellers
         ● each one decrypts a layer of the onion and computes a component of the offset
         ● then hands it on to the next one
     [Figure: sample ballot paper with columns "Candidate" and "Put X", listing David, Tony, Menzies, Caroline, Arthur, and the printed value 7rJ#94iU]

  6. Prêt-à-voter
     [Figure: protocol flow between the Administrator, Alice and the tellers T2k-2, T2k-4, ..., T2, T0. Flows are labelled "onion, offset" and "onion, offset + v"; each teller stage is labelled "decr / subtr / mix" (abbreviated "d / s / m"); the final output is v.]

     $\text{onion} = \{ g_{2k-1}, \{ g_{2k-2}, \ldots, \{ g_1, \{ g_0, D \}_{T_0} \}_{T_1} \ldots \}_{T_{2k-3}} \}_{T_{2k-2}} \}_{T_{2k-1}}$

     $\text{offset} = h(g_{2k-1}) + \cdots + h(g_0) \bmod V$

  7. Corrupt election officials
     ● Voting systems should be designed to work securely even if the election officials are corrupt
       – Fairness: results cannot be released before election closes.
       – Privacy: no-one can link a voter and her vote.
       – Coercion-resistance: a voter cannot convince a coercer that she voted how he instructed.
     ● PaV fails to satisfy these properties
       – The authority that issues the ballot papers can reveal the vote without the need of the tellers (breaking fairness)
       – And it can link the ballot paper with the published results (breaking privacy and coercion-resistance)

  8. Fixing PaV
     ● In PaV, the onion is constructed by the authority

       $\text{onion} = \{ g_{2k-1}, \{ g_{2k-2}, \ldots, \{ g_1, \{ g_0, D \}_{T_0} \}_{T_1} \ldots \}_{T_{2k-3}} \}_{T_{2k-2}} \}_{T_{2k-1}}$

     ● The authority can link onion and offset, and therefore compute the vote from the info posted on the bulletin board. Hence privacy (and therefore coercion-resistance) and fairness fail.
     ● Even if the voter constructs the onion, coercion resistance fails. She can prove an onion (and hence a vote) is hers by demonstrating knowledge of the germs $g_i$. From these, the onion and the corresponding offset can be constructed.
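     Added example (not from the slides): a Python model of slides 5 to 8, showing the teller chain recovering v from "offset + v" and the onion's constructor recovering the same v from the germs alone. Assumptions: `seal` is a hash-keystream stand-in for encryption under a teller's key, `h` is SHA-256 reduced mod V, V is taken to be the number of candidates, and all values are constructed.

```python
import hashlib
import secrets

V = 5        # number of candidates (constructed; assumed meaning of V)
LAYERS = 4   # 2k onion layers, here k = 2
GERM = 16    # germ length in bytes (assumption)

def h(germ):
    """Offset component derived from one germ (assumed: SHA-256 mod V)."""
    return int.from_bytes(hashlib.sha256(germ).digest(), "big") % V

def seal(layer, data):
    """Stand-in for {data}_{T_layer}: XOR with a per-teller hash keystream.
    Not real public-key encryption; it only models the layering."""
    stream = b""
    while len(stream) < len(data):
        stream += hashlib.sha256(b"teller%d|%d" % (layer, len(stream))).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

unseal = seal  # an XOR keystream is its own inverse

def build_onion(germs, seed):
    """onion = {g_{2k-1}, {... {g_0, D}_{T_0} ...}}_{T_{2k-1}}"""
    onion = seed
    for layer, germ in enumerate(germs):
        onion = seal(layer, germ + onion)
    return onion

def offset_of(germs):
    return sum(h(g) for g in germs) % V

def tellers_count(onion, posted):
    """Each teller strips its layer, subtracts h(germ), passes the rest on."""
    for layer in reversed(range(LAYERS)):
        plain = unseal(layer, onion)
        germ, onion = plain[:GERM], plain[GERM:]
        posted = (posted - h(germ)) % V
    return posted

def authority_view(germs, posted):
    """Whoever built the onion knows the germs and needs no teller."""
    return (posted - offset_of(germs)) % V

def demo(vote=3):
    germs = [secrets.token_bytes(GERM) for _ in range(LAYERS)]
    onion = build_onion(germs, seed=secrets.token_bytes(GERM))
    posted = (offset_of(germs) + vote) % V   # "offset + v" on the receipt
    return tellers_count(onion, posted), authority_view(germs, posted)
```

     Both returned values equal the cast vote, which is the privacy and fairness failure slide 7 attributes to a single authority building the onion.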

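  9. Better fix for PaV
     ● The voter constructs an onion with help from the tellers

     | Teller | | | | | $o_i$ |
     |---|---|---|---|---|---|
     | $T_0$ | $\{g_{0,0}\}_{T_0}$ | $\{g_{0,1}\}_{T_1}$ | $\{g_{0,2}\}_{T_2}$ | … | $o_0$ |
     | $T_1$ | $\{g_{1,0}\}_{T_0}$ | $\{g_{1,1}\}_{T_1}$ | $\{g_{1,2}\}_{T_2}$ | … | $o_1$ |
     | $T_2$ | $\{g_{2,0}\}_{T_0}$ | $\{g_{2,1}\}_{T_1}$ | $\{g_{2,2}\}_{T_2}$ | … | $o_2$ |
     | $T_3$ | $\{g_{3,0}\}_{T_0}$ | $\{g_{3,1}\}_{T_1}$ | $\{g_{3,2}\}_{T_2}$ | … | $o_3$ |
     | … | … | … | … | | |
     | | $c_0$ | $c_1$ | $c_2$ | | |

     $\text{onion} = \{ c_{2k-1}, \{ c_{2k-2}, \ldots, \{ c_1, \{ c_0, D \}_{T_0} \}_{T_1} \ldots \}_{T_{2k-3}} \}_{T_{2k-2}} \}_{T_{2k-1}}$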

  10. Better fix for PaV

      $$\Big\{ \prod_{i=0}^{2k-1} \{g_{i,2k-1}\}_{T_{2k-1}}, \Big\{ \prod_{i=0}^{2k-1} \{g_{i,2k-2}\}_{T_{2k-2}}, \ldots, \Big\{ \prod_{i=0}^{2k-1} \{g_{i,1}\}_{T_1}, \Big\{ \prod_{i=0}^{2k-1} \{g_{i,0}\}_{T_0}, D \Big\}_{T_0} \Big\}_{T_1} \ldots \Big\}_{T_{2k-3}} \Big\}_{T_{2k-2}} \Big\}_{T_{2k-1}}$$

      ● No-one knows all the $g_{i,j}$’s, and no-one (except the voter) knows the offset. The voter can show the coercer how to reconstruct the onion, but she can’t convince him about the offset.
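      Added example (not from the slides): how one column product $c_j = \prod_i \{g_{i,j}\}_{T_j}$ can be formed from separately encrypted germs so that no single contributor knows the combined germ. It assumes a multiplicatively homomorphic scheme, modelled here with textbook ElGamal, which the slides do not name; the modulus, base and contributor count are constructed toy values.

```python
import secrets

P = 2**127 - 1   # toy prime modulus (constructed; not a vetted group)
G = 3            # toy base (constructed)

def keygen():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def enc(pk, m):
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), m * pow(pk, r, P) % P

def dec(sk, ct):
    a, b = ct
    return b * pow(a, P - 1 - sk, P) % P   # a^(-sk) by Fermat's little theorem

def combine(cts):
    """Componentwise product of ciphertexts: encrypts the product of germs."""
    a = b = 1
    for x, y in cts:
        a, b = a * x % P, b * y % P
    return a, b

def build_column(pk_j, contributors):
    """Each contributor i supplies {g_ij}_{T_j}; the voter forms c_j."""
    germs = [secrets.randbelow(P - 2) + 1 for _ in range(contributors)]
    return germs, combine(enc(pk_j, g) for g in germs)

def demo(contributors=4):
    sk_j, pk_j = keygen()
    germs, c_j = build_column(pk_j, contributors)
    product = 1
    for g in germs:
        product = product * g % P
    # True when T_j opens c_j to the product of all contributed germs,
    # a value that no single contributor could have computed alone.
    return dec(sk_j, c_j) == product
```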

  11. Properties of fixed PaV
      ● Privacy
      ● Fairness
      ● Coercion-resistance holds except that the voter can prove to the last teller how she voted. (Can probably be fixed too!)

  12. P.Ryan / Peacock variant
      ● Also a solution which relies on distributing the construction of the ballot.
        – so that the relation between the ballot and the offset is not learned by any entity.
      [Figure: three ballot papers, each with columns "Candidate" and "Put X", listing David, Tony, Menzies, Caroline, Arthur, and carrying the printed values hY7^8FG and 7rJ94iU]

  13. Do we need privacy and coercion-resistance?
      ● In the UK?
      ● In the USA?
      ● What about Zimbabwe?
